---

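# Install the host's sshd_config and restart sshd when the file changes.
# with_first_found copies the first candidate that exists: the explicit
# $sshd_config override first, then the per-host, per-group, per-dist_tag
# and per-distribution files.
# NOTE(review): unlike the other with_first_found lists in this file there
# is no unconditional fallback entry, so one of these candidates presumably
# has to exist for every host -- confirm.
# NOTE(review): the copy module's validate= option (running `sshd -t -f %s`)
# would stop a broken file from replacing a working config before the
# restart handler fires; add it if the Ansible release in use supports it.
- name: sshd_config
  # owner/group are pinned so that mode 0600 always means "root only", even
  # when a pre-existing file belongs to another account.
  action: copy src=$item dest=/etc/ssh/sshd_config owner=root group=root mode=0600
  with_first_found:
    - $sshd_config
    - ${files}/ssh/sshd_config.${ansible_fqdn}
    - ${files}/ssh/sshd_config.${host_group}
    - ${files}/ssh/sshd_config.${dist_tag}
    - ${files}/ssh/sshd_config.${ansible_distribution}
  notify:
  - restart sshd
  tags:
  - sshd_config
  - config
  - sshd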

# Set root's password from the rootpw variable.
# The user module's password= argument takes an already-crypted hash, so
# rootpw must hold a hash and never the clear-text password.
# NOTE(review): rootpw is defined outside this file -- presumably in a
# private vars file; confirm it is not stored in a world-readable
# repository, since a leaked hash can still be attacked offline.
# The hash is re-asserted on each run, so a root password changed by hand
# on a host is reverted the next time this task runs.
- name: set root passwd
  action: user name=root password={{ rootpw }} state=present
  tags:
  - rootpw

# Add the Ansible management public key to root's authorized_keys.
# with_file reads the contents of ${files}/common/ansible-pub-key on the
# control host and passes them to the module as {{ item }}.
# Whoever holds the matching private key gets root SSH access to every host
# this task runs on, so that private key is the credential to protect.
# NOTE(review): the task only adds this key; it does not remove other
# entries already present in root's authorized_keys -- confirm that is
# the intent.
- name: add ansible root key 
  action: authorized_key user=root key="{{ item }}"
  with_file:
  - ${files}/common/ansible-pub-key
  tags:
  - config

# Pin RESOLV_MODS=no in /etc/sysconfig/network so the resolv.conf deployed
# by this playbook stays in effect (per the task name).
# regexp=^RESOLV_MODS= makes lineinfile replace an existing RESOLV_MODS
# line instead of appending a second one; create=yes creates the file if it
# is missing, and backup=yes keeps a copy of the previous file contents.
- name: make sure our resolv.conf is the one being used - set RESOLV_MODS=no in /etc/sysconfig/network
  lineinfile: dest=/etc/sysconfig/network create=yes backup=yes state=present line='RESOLV_MODS=no' regexp=^RESOLV_MODS=
  tags:
  - config
  
# Package baseline, applied in three passes: install the global list,
# remove the unwanted packages, then install the per-dist list.
# All three lists (global_pkgs_inst, base_pkgs_erase, base_pkgs_inst) are
# variables defined outside this file.
# None of these tasks touches yum's GPG checking, so package signature
# verification is whatever the repo configuration on the host enforces.
- name: global default packages to install
  action: yum state=installed name=$item
  with_items: $global_pkgs_inst
  tags:
  - packages

# Remove packages that should not be present on the host.
- name: dist pkgs to remove
  action: yum state=removed name=$item
  with_items: $base_pkgs_erase
  tags:
  - packages

# Install the packages on the base_pkgs_inst list.
- name: dist pkgs to install
  action: yum state=installed name=$item
  with_items: $base_pkgs_inst
  tags:
  - packages

# Stop every service named in service_disabled and disable it at boot.
# Both state=stopped and enabled=false are set, so a listed service is
# neither running now nor started after a reboot.
# The list is a variable defined outside this file.
- name: dist disabled services
  action: service state=stopped enabled=false name=$item
  with_items: $service_disabled
  tags:
  - service
  - config

# Start every service named in service_enabled and enable it at boot.
- name: dist enabled services
  action: service state=running enabled=true name=$item
  with_items: $service_enabled
  tags:
  - service
  - config


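# Render the host firewall rules to /etc/sysconfig/iptables and restart
# iptables when they change.
# The source is processed by the template module, so the chosen file may
# contain template expressions. with_first_found picks the first candidate
# that exists: explicit $iptables override, per-host, per-group, per-env,
# then the generic rules file.
# backup=yes keeps a copy of the previous rules file for rollback.
# NOTE(review): a ruleset that drops the management SSH port takes effect
# as soon as the handler runs; review rule changes with that in mind.
- name: iptables
  # owner/group are pinned so that mode 0600 always means "root only", even
  # when a pre-existing file belongs to another account.
  action: template src=$item dest=/etc/sysconfig/iptables owner=root group=root mode=0600 backup=yes
  with_first_found:
    - $iptables
    - $files/iptables/iptables.${ansible_fqdn}
    - $files/iptables/iptables.${host_group}
    - $files/iptables/iptables.${env}
    - $files/iptables/iptables
  notify:
  - restart iptables
  tags:
  - iptables
  - config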

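# XXX fixme # a datacenter 'fact' from setup
# Install /etc/resolv.conf from the first candidate that exists: explicit
# ${resolvconf} override, per-host, per-group, per-datacenter, then the
# generic file.
- name: /etc/resolv.conf
  # Ownership and mode are set explicitly: the file has to stay readable by
  # unprivileged processes that resolve names, but only root should be able
  # to change which DNS servers the host trusts. Without them the result
  # depends on the existing file or on the remote umask.
  action: copy src=$item dest=/etc/resolv.conf owner=root group=root mode=0644
  with_first_found:
  - ${resolvconf}
  - $files/resolv.conf/${ansible_fqdn}
  - $files/resolv.conf/${host_group}
  - $files/resolv.conf/${datacenter}
  - $files/resolv.conf/resolv.conf
  tags:
  - config
  - resolvconf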

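# Install /etc/rsyslog.conf and restart rsyslog when it changes.
# with_first_found picks the first candidate that exists: explicit
# $rsyslogconf override, per-host, per-group, per-datacenter, then the
# generic file.
- name: rsyslog.conf
  # owner/group are pinned to root: whoever can write this file decides
  # where the host's logs are sent and which messages are kept.
  action: copy src=$item dest=/etc/rsyslog.conf owner=root group=root mode=0644
  with_first_found:
    - $rsyslogconf
    - $files/rsyslog/rsyslog.conf.${ansible_fqdn}
    - $files/rsyslog/rsyslog.conf.${host_group}
    - $files/rsyslog/rsyslog.conf.${datacenter}
    - $files/rsyslog/rsyslog.conf
  notify:
  - restart rsyslog
  tags:
  - rsyslogd
  - config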

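# Install /etc/postfix/main.cf and restart postfix when it changes.
# with_first_found picks the first candidate that exists: explicit
# $postfix_maincf override, per-host, per-group, per-postfix_group, then
# the generic file.
- name: /etc/postfix/main.cf
  # Ownership and mode are set explicitly so the mail configuration is
  # root-writable only; without them the result depends on the existing
  # file or on the remote umask.
  action: copy src=$item dest=/etc/postfix/main.cf owner=root group=root mode=0644
  with_first_found:
    - $postfix_maincf
    - $files/postfix/main.cf.${ansible_fqdn}
    - $files/postfix/main.cf.${host_group}
    - $files/postfix/main.cf.${postfix_group}
    - $files/postfix/main.cf
  notify:
  - restart postfix
  tags:
  - postfix
  - config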

#
# This task installs the common scripts into /usr/local/bin.
# The scripts live under $files/common-scripts on the control host.
#
# with_fileglob matches every file in that directory, and each one is
# installed root-owned and executable (mode 0755). Anything placed in
# $files/common-scripts therefore ends up runnable on every managed host,
# so write access to that directory should be treated as privileged.
#

- name: Install common scripts
  action: copy src=$item dest=/usr/local/bin/ owner=root group=root mode=0755
  with_fileglob: $files/common-scripts/*
  tags:
  - config
